Encrypting to the Unknown (was: A bug in version 1.2.1?)
Wed Dec 11 18:53:02 2002
Werner Koch <email@example.com> schrieb am 2002-12-11 15:12 Uhr:
> On Wed, 11 Dec 2002 08:08:12 -0500, David Shaw said:
>>> There may be warnings ("You have no trustpath to this key that indicates its
>>> validity. Use anyway? [[cancel]] [OK]") or a pref to switch this off.
Pleas care for the detail that "cancel" is the default.
>> This is much better of course.
> Given the habit of many users to hit OK without thinking, the current
> way is safer; it forces the user to think about what he is going to
> do (while doing an lsign).
It forces them to sign someone they don't know a bit. Doing this should be
extremely dicouraged by the client software, not needed.
Even if they only --lsign they will have a trust-path to the signed
afterwards. This is a far worse security problem than willingly sending an
encrypted E-Mail to someone you don't know.
I use lsign only for keys where I am pretty much shure that they belong to
the one I want to reach, but not enough to guarantee his identity to the
And yes, there are valid reasons to encrypt to an unknown.
Being a small reseller of webspace I sometimes give restricted accounts to
allmost unknown for testing. I monitor that they behave well on the server
but would not like to send the account data unencrypted to be read by any
stupid postmaster on the way.
Another reason is evangelizing and support.
I don't need to know someone to give him the happy experience to receive and
send his first encrypted mail after his succesfull installation.
We just had that discussion in <news:de.comp.security.misc>, starting at
Message-ID: <1fmkaex.10opm1bw79im6N@news.fakemail.de> (in German):